04 April 2011
It's very fun to read, with a captivating plot. I kept flipping to the back cover to make sure I remembered correctly that the author is a computer security expert who wrote Sysinternals, a hardcore set of system administration tools for Windows; he may well have been a professional novelist.
Its target audience is not limited to computer professionals, but computer geeks should really enjoy it. When it gets technical, the author does a great job of explaining the terms, and the technical parts are extremely accurate. I'm quite familiar with the technology, though, so I'm probably biased; others might find it too technical for their taste.
The threat of attacks against big Western companies isn't imaginary: RSA and Google, among many others, have been the targets of attacks just like the ones described in the book. When the purpose of the attack becomes destruction, the story is certainly more interesting.
31 March 2011
I don't recommend using Google's "About ... results" to estimate the number of infected URLs. As you click through the search results, the estimate changes dramatically. What starts as "About 533,000 results" at some point drops to "Page 38 of 374 results".
These result pages change very fast, so you might hit the "end" of your results on a different page than I did. This number is not accurate either: search result pages typically limit the number of URLs they return per site.
That's one reason I'd be cautious of this method. The other reason is perhaps more fundamental: a search engine does not index HTML tags, only the text between them. So a query for "<script src="http://lizamoon.com/ur.php" does not necessarily yield pages infected with that script, but mostly pages where the infection was unsuccessful and the tag appears as HTML-escaped text. The blog post from Websense actually illustrates this:
This is not a script include; it's text, and in this case harmless. Some of the infections might actually have worked: as the first image shows, 2 of the results are marked "may harm your computer" by Google.
Google offers a different way to estimate infections, the Safe Browsing Diagnostic page. For this site, at the time I fetched the page, it reported that 5 sites were infected. That's not to claim that the diagnostic page is the most accurate estimate out there, but I work on the team and I trust it :).
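The distinction above (a real script include versus the same tag surviving only as escaped text) is exactly what a search index cannot make, but a small HTML-aware check can. The following is an added example, not code from the original post or from Google: it classifies fetched pages as "active" (a genuine <script src> pointing at the lizamoon.com host named in the post), "escaped" (the tag is present only as text, so harmless) or "clean". The three sample documents and the example.invalid URLs are constructed for the demonstration; the host name is the one from the post.

```python
from html.parser import HTMLParser

# Host of the injected include discussed in the post. The three HTML documents
# further down are constructed samples, not real pages.
INJECTED_HOST = "lizamoon.com"


class InjectionClassifier(HTMLParser):
    """Separate a real <script src=...> include from escaped text that only looks like one."""

    def __init__(self, host):
        # convert_charrefs=True means "&lt;script ...&gt;" reaches handle_data as
        # "<script ...>", i.e. exactly the text a search engine would have indexed.
        super().__init__(convert_charrefs=True)
        self.host = host.lower()
        self.active = []   # src attributes of genuine script includes pointing at host
        self.inert = []    # text nodes that merely contain the tag as escaped text

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = (dict(attrs).get("src") or "").lower()
            if self.host in src:
                self.active.append(src)

    def handle_data(self, data):
        low = data.lower()
        if "<script" in low and self.host in low:
            self.inert.append(data.strip())


def classify(html, host=INJECTED_HOST):
    """Return 'active' (script really included), 'escaped' (harmless text) or 'clean'."""
    parser = InjectionClassifier(host)
    parser.feed(html)
    parser.close()
    if parser.active:          # one real include outweighs any escaped copies
        return "active"
    if parser.inert:
        return "escaped"
    return "clean"


def summarize(pages, host=INJECTED_HOST):
    """Count verdicts over (url, html) pairs, e.g. the bodies of crawled search hits."""
    counts = {"active": 0, "escaped": 0, "clean": 0}
    for _url, html in pages:
        counts[classify(html, host)] += 1
    return counts


# Constructed samples: a page where the injected include really executes (unquoted
# src, as the injection was written), a page that HTML-escaped the injected string
# on output, and an unaffected page.
ACTIVE_PAGE = (
    '<html><head><title>Shop</title>'
    '<script src=http://lizamoon.com/ur.php></script></head>'
    '<body><p>Welcome</p></body></html>'
)
ESCAPED_PAGE = (
    '<html><body><p>Item: widget&lt;/title&gt;'
    '&lt;script src=&quot;http://lizamoon.com/ur.php&quot;&gt;&lt;/script&gt;</p>'
    '</body></html>'
)
CLEAN_PAGE = '<html><body><p>Nothing to see here</p></body></html>'

SAMPLE_PAGES = [
    ("http://example.invalid/active", ACTIVE_PAGE),
    ("http://example.invalid/escaped", ESCAPED_PAGE),
    ("http://example.invalid/clean", CLEAN_PAGE),
]

if __name__ == "__main__":
    for url, html in SAMPLE_PAGES:
        print(url, "->", classify(html))
    print(summarize(SAMPLE_PAGES))
```

Run over the bodies of the pages a search returned, the "escaped" count is the part of Google's "About ... results" figure that was never an infection at all; only the "active" count says anything about compromised sites, and even that only for the copies the crawler happened to fetch.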
23 March 2011
20 January 2011
data:text/html,<pre contenteditable="">type here</pre>
You can bookmark it for faster access. Hint courtesy of Tab Atkins.
24 December 2010
The development was surprisingly easy; I'll publish the source code soon. It was very straightforward and done within essentially one day.
It's probably a bit buggy and slow (at least on the Nexus S). I've tested it on a G1, Nexus One, T-Mobile myTouch 3G Slide, and Nexus S. I'll address the speed issue in the future. To give it a try, you can download it from the Android Market (search for "Seismos").
19 September 2010
16 September 2010
- Keep your OS, browser, and browser plugins up-to-date.
- Run anti-virus software, and keep this up-to-date, too.
- Disable or uninstall any software or browser plug-ins you don’t use — this reduces your vulnerability surface.
- If you receive a PDF attachment in Gmail, select “View” to view it in Gmail instead of downloading it.
Full post on the Google online security blog.
Also check out a post of mine on avoiding this and future PDF 0-days.
14 September 2010
28 April 2010
Titled "Honeybot, Your Man in the Middle for Automated Social Engineering", the study shows how chat bots can become much harder to detect. The paper is available in PDF.
Chat bots log in to chat rooms and initiate conversations with users. They try to get the user to follow a URL and maybe download and run a program, or provide their credentials to a phishing site. Or plain old spam.
In any case, it's relatively easy for human users to tell spam bots from real users, because the responses are generated by a program, and as we know, it can be hard for a program to appear human.
Instead, the chat bot initiates a conversation with user Alice, and one with Bob. The first message is something simple such as "Hi". The response from Alice is then forwarded to Bob, and Bob's replies to Alice. The bot simply acts as a man in the middle. Alice and Bob have a real, human conversation, but for all they know they are chatting with a different user, with a nickname that's "neither female nor male" :) At some point in the conversation the bot throws in a URL to see whether the users click it.
The funniest part of the paper comes in Figure 2, where the authors have instructed the bot to change gender-related words in conversations from male to female. Because most of the users in the dating site they were experimenting in were male, the conversations between 2 men ended too early. So the authors changed conversations such as "Are you a dude?" to "Are you a chick?" The click-through rate increased significantly :)
04 January 2010
In particular, the JPGs you can add to it need to be of a certain "format" that a certain proprietary, Windows-only binary (SunPlus PMP Transcoding Tool) knows about.
The tool was probably written in Visual Basic and is completely useless if you want to transcode more than 2-3 images -- it takes 4-5 clicks per image, no batch support etc.
Some forums mentioned that Microsoft Paint (!) was able to transcode the files successfully too. So I tried something more sophisticated (GIMP) which turned out to work as well, given the following settings:
- Open the original
- Resize / crop as needed (I recommend resizing to 640x480 so you save space on the limited capacity of the device, 24MB)
- File > Save as
- Use JPEG if it's not already JPEG
- In the "Save as JPEG" dialog, expand the "Advanced Options" and uncheck everything (no Optimize, no Progressive, no EXIF data, no thumbnail). I don't know exactly which combination of these metadata the device does not support, but disabling all of them has you covered.
- Hit "Save"
The batch process plugin also lets you define a particular output folder, renaming options and output options, where again you can disable any metadata in the JPG.
Then copy the output images to the PHOTO directory of the device, reboot the device, and enjoy.
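To check that a batch of files really came out with the settings above before copying them to the device, the headers of a JPEG can be inspected directly: progressive encoding shows up as an SOF2 frame marker, EXIF data as an APP1 segment, and a JFIF thumbnail as non-zero thumbnail dimensions in APP0. The following is an added example, not code from the original post or from GIMP: a pure-Python segment walker that reports those features and strips the metadata segments (APP1 and up, plus comments) without touching the image data. The SAMPLE_JPEG bytes are a constructed header-only test input, not a real picture, and the jpeg_check.py file name in the usage comment is hypothetical.

```python
import struct
import sys

# JPEG marker codes (second byte after 0xFF) that matter for the device's restrictions.
SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
APP0, APP1 = 0xE0, 0xE1
SOF_PROGRESSIVE = {0xC2, 0xC6, 0xCA, 0xCE}          # progressive DCT frame headers
STANDALONE = {0x01, SOI, EOI, *range(0xD0, 0xD8)}   # markers that carry no length field


def iter_segments(data):
    """Yield (marker, offset, payload) for every header segment up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte, allowed before any marker
            pos += 1
            continue
        if marker in STANDALONE:
            yield marker, pos, b""
            pos += 2
            if marker == EOI:
                return
            continue
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        payload = data[pos + 4:pos + 2 + length]
        yield marker, pos, payload
        if marker == SOS:           # entropy-coded data follows; the headers are done
            return
        pos += 2 + length


def scan_jpeg(data):
    """Report the features the GIMP dialog turns off, as found in the file's headers."""
    report = {"progressive": False, "exif": False, "jfif_thumbnail": False,
              "comment": False, "app_segments": []}
    for marker, _offset, payload in iter_segments(data):
        if marker in SOF_PROGRESSIVE:
            report["progressive"] = True
        elif marker == COM:
            report["comment"] = True
        elif APP0 <= marker <= 0xEF:
            report["app_segments"].append("APP%d" % (marker - APP0))
            if marker == APP1 and payload.startswith(b"Exif\x00\x00"):
                report["exif"] = True       # EXIF block (an EXIF thumbnail lives inside it)
            if marker == APP0 and payload.startswith(b"JFIF\x00") and len(payload) >= 14:
                # JFIF APP0 layout: id(5) version(2) units(1) Xdens(2) Ydens(2) Xthumb(1) Ythumb(1)
                if payload[12] or payload[13]:
                    report["jfif_thumbnail"] = True
    return report


def strip_metadata(data):
    """Drop APP1..APP15 (EXIF, XMP, ICC, ...) and COM segments; copy everything else verbatim.

    Progressive encoding cannot be removed this way; that needs a re-encode (e.g. in GIMP).
    """
    out = bytearray(b"\xff\xd8")
    for marker, offset, payload in iter_segments(data):
        if marker == SOS:
            out += data[offset:]            # SOS header, scan data and EOI, unchanged
            break
        if marker == COM or APP1 <= marker <= 0xEF:
            continue
        out += data[offset:offset + 4 + len(payload)]
    return bytes(out)


def _seg(marker, payload):
    """Build one length-prefixed segment (helper for the constructed sample below)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: structurally valid headers with EXIF and a comment, followed by a
# few fake scan bytes. It is not a decodable picture, only a test input for the parser.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _seg(APP0, b"JFIF\x00\x01\x01\x00\x00\x48\x00\x48\x00\x00")  # JFIF 1.1, no thumbnail
    + _seg(APP1, b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08")         # EXIF stub (TIFF header)
    + _seg(COM, b"constructed sample")                               # comment segment
    + _seg(0xC0, b"\x08\x00\x10\x00\x10\x01\x01\x11\x00")            # SOF0: baseline, 16x16, 1 comp
    + _seg(SOS, b"\x01\x01\x00\x00\x3f\x00")                         # SOS header, 1 component
    + b"\x12\x34\xff\x00\x56"                                        # fake entropy-coded data
    + b"\xff\xd9"
)
SAMPLE_PROGRESSIVE = SAMPLE_JPEG.replace(b"\xff\xc0", b"\xff\xc2")   # same file, SOF2 instead of SOF0

if __name__ == "__main__":
    # Usage: python jpeg_check.py in.jpg out.jpg   (hypothetical file names)
    src = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_JPEG
    print("before:", scan_jpeg(src))
    cleaned = strip_metadata(src)
    print("after: ", scan_jpeg(cleaned))
    if len(sys.argv) > 2:
        open(sys.argv[2], "wb").write(cleaned)
```

The "Optimize" option is not checked here: optimized Huffman tables are not flagged by any marker and would need a comparison of the DHT segments against the standard tables. Progressive files are only reported, since turning them back into baseline requires re-encoding, which is the job of the GIMP dialog or its batch plugin.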